Описание
Security update for openldap2
This update for openldap2 fixes the following issues:
- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
libldap-2_4-2-2.4.46-lp152.14.12.1
libldap-2_4-2-32bit-2.4.46-lp152.14.12.1
libldap-data-2.4.46-lp152.14.12.1
openldap2-2.4.46-lp152.14.12.1
openldap2-back-meta-2.4.46-lp152.14.12.1
openldap2-back-perl-2.4.46-lp152.14.12.1
openldap2-back-sock-2.4.46-lp152.14.12.1
openldap2-back-sql-2.4.46-lp152.14.12.1
openldap2-client-2.4.46-lp152.14.12.1
openldap2-contrib-2.4.46-lp152.14.12.1
openldap2-devel-2.4.46-lp152.14.12.1
openldap2-devel-32bit-2.4.46-lp152.14.12.1
openldap2-devel-static-2.4.46-lp152.14.12.1
openldap2-doc-2.4.46-lp152.14.12.1
openldap2-ppolicy-check-password-1.2-lp152.14.12.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1918-1
- SUSE Security Ratings
- SUSE Bug 1178387
- SUSE CVE CVE-2020-25692 page
Описание
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.
Затронутые продукты
openSUSE Leap 15.2:libldap-2_4-2-2.4.46-lp152.14.12.1
openSUSE Leap 15.2:libldap-2_4-2-32bit-2.4.46-lp152.14.12.1
openSUSE Leap 15.2:libldap-data-2.4.46-lp152.14.12.1
openSUSE Leap 15.2:openldap2-2.4.46-lp152.14.12.1
Ссылки
- CVE-2020-25692
- SUSE Bug 1178387